containers · debarshiray · Oct 11, 2024
diff --git a/cmd/podman/early_init_darwin.go b/cmd/podman/early_init_darwin.go
@@ -1,28 +1,21 @@
 package main
 
 import (
-	"fmt"
-	"os"
 	"syscall"
+
+	"github.com/sirupsen/logrus"
 )
 
-func setRLimitsNoFile() error {
+func checkRLimits() {
 	var rLimitNoFile syscall.Rlimit
 	if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &rLimitNoFile); err != nil {
-		return fmt.Errorf("getting RLIMITS_NOFILE: %w", err)
-	}
-	err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &syscall.Rlimit{
-		Max: rLimitNoFile.Max,
-		Cur: rLimitNoFile.Max,
-	})
-	if err != nil {
-		return fmt.Errorf("setting new RLIMITS_NOFILE: %w", err)
+		logrus.Debugf("Error getting RLIMITS_NOFILE: %s", err)
+		return
 	}
-	return nil
+
+	logrus.Debugf("Got RLIMITS_NOFILE: cur=%d, max=%d", rLimitNoFile.Cur, rLimitNoFile.Max)
 }
 
 func earlyInitHook() {
-	if err := setRLimitsNoFile(); err != nil {
-		fmt.Fprintf(os.Stderr, "Failed to set RLIMITS_NOFILE: %s\n", err.Error())
-	}
+	checkRLimits()
 }
diff --git a/cmd/podman/early_init_linux.go b/cmd/podman/early_init_linux.go
@@ -1,27 +1,19 @@
 package main
 
 import (
-	"fmt"
-	"os"
 	"syscall"
 
-	"github.com/containers/podman/v5/libpod/define"
+	"github.com/sirupsen/logrus"
 )
 
-func setRLimits() error {
-	rlimits := new(syscall.Rlimit)
-	rlimits.Cur = define.RLimitDefaultValue
-	rlimits.Max = define.RLimitDefaultValue
-	if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
-		if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
-			return fmt.Errorf("getting rlimits: %w", err)
-		}
-		rlimits.Cur = rlimits.Max
-		if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil {
-			return fmt.Errorf("setting new rlimits: %w", err)
-		}
+func checkRLimits() {
+	var rLimitNoFile syscall.Rlimit
+	if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &rLimitNoFile); err != nil {
+		logrus.Debugf("Error getting RLIMITS_NOFILE: %s", err)
+		return
 	}
-	return nil
+
+	logrus.Debugf("Got RLIMITS_NOFILE: cur=%d, max=%d", rLimitNoFile.Cur, rLimitNoFile.Max)
 }
 
 func setUMask() {
@@ -30,9 +22,6 @@ func setUMask() {
 }
 
 func earlyInitHook() {
-	if err := setRLimits(); err != nil {
-		fmt.Fprintf(os.Stderr, "Failed to set rlimits: %s\n", err.Error())
-	}
-
+	checkRLimits()
 	setUMask()
 }
diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go
@@ -6,7 +6,9 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
+	"syscall"
 
 	. "github.com/containers/podman/v5/test/utils"
 	. "github.com/onsi/ginkgo/v2"
@@ -309,6 +311,39 @@ var _ = Describe("Podman exec", func() {
 		Expect(session.OutputToString()).To(ContainSubstring("0000000000000000"))
 	})
 
+	It("podman exec limits host test", func() {
+		SkipIfRemote("This can only be used for local tests")
+
+		var l syscall.Rlimit
+
+		err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l)
+		Expect(err).ToNot(HaveOccurred())
+
+		setup := podmanTest.RunTopContainerWithArgs("test1", []string{"--ulimit", "host"})
+		setup.WaitWithDefaultTimeout()
+		Expect(setup).Should(ExitCleanly())
+
+		session := podmanTest.Podman([]string{"exec", "test1", "sh", "-c", "ulimit -H -n"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitCleanly())
+
+		ulimitCtrStr := strings.TrimSpace(session.OutputToString())
+		ulimitCtr, err := strconv.ParseUint(ulimitCtrStr, 10, 0)
+		Expect(err).ToNot(HaveOccurred())
+
+		Expect(ulimitCtr).Should(BeNumerically("==", l.Max))
+
+		session = podmanTest.Podman([]string{"exec", "test1", "sh", "-c", "ulimit -S -n"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitCleanly())
+
+		ulimitCtrStr = strings.TrimSpace(session.OutputToString())
+		ulimitCtr, err = strconv.ParseUint(ulimitCtrStr, 10, 0)
+		Expect(err).ToNot(HaveOccurred())
+
+		Expect(ulimitCtr).Should(BeNumerically("<", l.Max))
+	})
+
 	// #10927 ("no logs from conmon"), one of our nastiest flakes
 	It("podman exec terminal doesn't hang", FlakeAttempts(3), func() {
 		setup := podmanTest.Podman([]string{"run", "-dti", "--name", "test1", fedoraMinimal, "sleep", "+Inf"})

diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
@@ -762,6 +762,16 @@ USER bin`, BB)
 		Expect(err).ToNot(HaveOccurred())
 
 		Expect(ulimitCtr).Should(BeNumerically(">=", l.Max))
+
+		session = podmanTest.Podman([]string{"run", "--rm", "--ulimit", "host", fedoraMinimal, "ulimit", "-Sn"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(ExitCleanly())
+
+		ulimitCtrStr = strings.TrimSpace(session.OutputToString())
+		ulimitCtr, err = strconv.ParseUint(ulimitCtrStr, 10, 0)
+		Expect(err).ToNot(HaveOccurred())
+
+		Expect(ulimitCtr).Should(BeNumerically("<", l.Max))
 	})
 
 	It("podman run with cidfile", func() {

diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go
@@ -34,7 +34,6 @@ import (
 	"path"
 	"strconv"
 	"strings"
-	"syscall"
 
 	"github.com/containers/podman/v5/libpod/define"
 	. "github.com/containers/podman/v5/test/utils"
@@ -60,42 +59,6 @@ var _ = Describe("Toolbox-specific testing", func() {
 		Expect(session.OutputToString()).To(ContainSubstring("0:123"))
 	})
 
-	It("podman create --ulimit host + podman exec - correctly mirrors hosts ulimits", func() {
-		if podmanTest.RemoteTest {
-			Skip("Ulimit check does not work with a remote client")
-		}
-		info := GetHostDistributionInfo()
-		if info.Distribution == "debian" {
-			// "expected 1048576 to be >= 1073741816"
-			Skip("FIXME 2024-05-28 fails on debian, maybe because of systemd 256?")
-		}
-		var session *PodmanSessionIntegration
-		var containerHardLimit int
-		var rlimit syscall.Rlimit
-		var err error
-
-		err = syscall.Getrlimit(syscall.RLIMIT_NOFILE, &rlimit)
-		Expect(err).ToNot(HaveOccurred())
-		GinkgoWriter.Printf("Expected value: %d", rlimit.Max)
-
-		session = podmanTest.Podman([]string{"create", "--name", "test", "--ulimit", "host", ALPINE,
-			"sleep", "1000"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(ExitCleanly())
-
-		session = podmanTest.Podman([]string{"start", "test"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(ExitCleanly())
-
-		session = podmanTest.Podman([]string{"exec", "test", "sh", "-c",
-			"ulimit -H -n"})
-		session.WaitWithDefaultTimeout()
-		Expect(session).Should(ExitCleanly())
-		containerHardLimit, err = strconv.Atoi(strings.Trim(session.OutputToString(), "\n"))
-		Expect(err).ToNot(HaveOccurred())
-		Expect(containerHardLimit).To(BeNumerically(">=", rlimit.Max))
-	})
-
 	It("podman create --ipc=host --pid=host + podman exec - correct shared memory limit size", func() {
 		// Comparison of the size of /dev/shm on the host being equal to the one in
 		// a container